PRIVACY POLICY

This Privacy Policy (hereinafter referred to as the “Policy”) applies to the conditions and procedure for the processing of personal data that BY THE WAY Limited Liability Company (hereinafter referred to as the “Administrator”), the copyright holder of the following address: https://bytheway.com.ua/. (hereinafter referred to as the “Platform”) may receive from individuals - users of the Platform while using it, on the basis of the Constitution of Ukraine, the Law of Ukraine “On Personal Data Protection” dated 01.06.2010 No. 2297-VI (hereinafter referred to as the “Law”) and the General Data Protection Regulation (EU) 2016/679 of 27.04.2016 (EU General Data Protection Regulation - GDPR), hereinafter referred to collectively as the Legislation.

1. GENERAL PROVISIONS
   1. This Policy informs the users of the Platform about the list of personal data collected by the Platform Administrator and their protection, the purpose of using such personal data, under what circumstances and to whom they may be transferred, as well as the means of communication with the Administrator in case of questions regarding the processing of personal data.
      
   2. Interpretation of terms used in this Policy:
      (1) “ Administrator ” means BY THE WAY Limited Liability Company (EDRPOU code: 45070277), registered address: 11, Polsky Uziz, Odesa, 65026, Odesa region, office. 16 and its authorized persons for administration and management of the Platform.
      (2) “ Advertisement ” means a message posted by the User who has successfully passed the Authorization on the Platform, which contains information about the provision of services related to the logistics industry by the User or their search.
      (3) “Controller” means an individual or legal entity (public authority or their authorized representatives) that, alone or jointly with others, determines the purposes and means of processing (processing) personal data. The controller of personal data is the “owner of personal data” as defined by the legislation of Ukraine.
      (4) “Operator” means an individual or legal entity (public authority or their authorized representatives) that processes (handles) personal data on behalf of the controller. The personal data operator is a “personal data manager” as defined by the legislation of Ukraine.
      (5) “Personal Account” means an electronic record (account) of the User on the Platform, which has a unique ID number created as a result of the User's authorization on the Platform and which contains personal information about such User.
      (6) “Personal Data” - a set of information about an individual - a user of the Platform by which he or she can be identified.
      (7) “Platform” - a set of software and hardware in the form of an online service located on the Internet at the following address: https://bytheway.com.ua/.
      (8) “Processing of personal data”, “Personal data processing” means any operation or series of operations with personal data or sets of personal data using automated means or without them, such as collection, registration, organization, structuring, storage, adaptation or modification, search, review, use, disclosure through transmission, distribution or otherwise, arrangement or combination, restriction, erasure or destruction.
      (9) “Profiling” - a form of automated processing of personal data, consisting of the use of personal data to assess certain personal aspects relating to an individual, in particular, to analyze or predict aspects related to the data subject's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movement.
      (10) “Third party” means an individual or legal entity, public authority or their authorized representatives who are not the data subject (User), controller and/or operator authorized to process personal data.
      (11) “User” refers to any individual (aged 18 or over) or legal entity with full civil capacity who uses the Internet to find information and meet the needs of those in the field of logistics services.
      
   3. This Policy applies to all personal data of the Users that may be received by the Administrator and processed by the Operator in the course of using the Platform (including, but not limited to, when creating a Personal Account and an Advertisement, etc.)
   4. The Controller of the Users' personal data within the meaning of the Legislation is the Platform Administrator - BY THE WAY Limited Liability Company and its authorized persons to administer and manage the Platform.
      The Operator of the Users' personal data within the meaning of the Legislation is the cloud provider DigitalOcean LLC (101 Avenue of the Americas 2nd Floor New York NY 10013, VAT ID: EU528002224).
   5. An integral part of this Policy is the Cookie Policy, which is available to all Users at: https://bytheway.com.ua/ru/cookies/.
   6. The procedure and terms of use of the Platform by the Users are regulated by the User Agreement, which is available to all Users at the following address: https://bytheway.com.ua/ru/agreement/ (hereinafter referred to as the “Agreement”).
   7. When visiting the Platform for the first time, the User voluntarily, consciously and after having previously read this Policy agrees to the terms of this Policy and, accordingly, to the processing of personal data of the Users by clicking the “I agree” button and/or checking the appropriate box in the pop-up window in accordance with Appendix No. 1 to this Policy. In case of disagreement/non-agreement by the User with the terms of this Policy, such User shall leave the Platform.
   8. By agreeing to the terms of this Policy, the User confirms that at the time of collection and processing of personal data, he/she was informed about the list and purpose of processing his/her personal data and about the persons to whom this data is transferred. By accepting the terms of this Policy and providing their personal data, the User guarantees that they are provided with the consent of their owners and in accordance with the applicable Law.
   9. The Platform Administrator does not verify the accuracy and appropriateness of the personal data provided by the User to the Administrator, and is not able to verify his/her full civil capacity and, when processing personal data, assumes that the User acts in good faith and responsibly, provides accurate, reliable and up-to-date personal data about himself/herself without violating the rights of third parties.
   10. The Controller, represented by the Platform Administrator, and the Operator shall take all necessary and sufficient organizational and technical measures to protect the Users' personal data from unauthorized or accidental access by third parties, destruction, distortion, copying and dissemination of such data, as well as other illegal actions.
   11. The processing of the User's personal data, including, but not limited to, those located in the territory of the European Union or who are citizens of the European Union, is carried out in accordance with the requirements of the Legislation.
       
2. PURPOSE OF PERSONAL DATA PROCESSING
   
   1. On the basis of (1) the User's consent to the terms of this Policy and, accordingly, the processing of personal data of the Users (clause a, part 1, article 6 of the GDPR); and (2) the conclusion and execution of a transaction to which the User is a party or which is concluded in favor of the User or for the implementation of measures preceding the conclusion of a transaction at the request of the User (clause b, part 1, article 6 GDPR); and (3) to fulfill obligations under the Legislation (Article 6(1)(c) of the GDPR) and to protect the interests of Users (Article 6(1)(d) of the GDPR); and (4) to protect the interests of the Controller or a third party, unless such interests are overridden by the interests of the fundamental rights and freedoms of the data subject requiring the protection of personal data, especially if the data subject is a child (Article 6(1)(f) of the GDPR).
   2. The purpose of processing the Users' personal data is:
      (1) fulfillment of the duties assigned to the Administrator in accordance with the Legislation;
      (2) authorization (identification) of the Users and provision of access to use the Platform (including, but not limited to, creation of a Personal Account and Advertisements, leaving comments to the Administrator's publications on the Platform, use of other functionalities of the Platform that require identification of the User);
      (3) processing payments in accordance with the Agreement for financial reporting purposes;
      (4) to fulfill the requirements of the Legislation, namely to prevent or stop illegal actions of the Users;
      (5) collecting information about the activity of Users on the Platform, as well as their preferences, which helps to meet the needs of Users, conduct marketing campaigns, and identify actions that may threaten the safety of Users;
      (6) sending (sending) commercial (marketing) messages to the Users, including electronic messages containing information about the functionality of the Platform, their updates, advertising and/or marketing information about the Administrator and/or its partners, offers to use new paid services, etc;
      (7) improvement of the technical structure and interface of the Platform to facilitate the User's interaction with the Platform and protection of the Users' personal data;
      (8) interaction of Users with the Platform support.
      
3. PERSONAL DATA OF USERS
   
   1. The processing of personal data of Users is carried out in accordance with the principles provided for in Article 5 of the GDPR and the lawfulness of their processing in accordance with Part 1 of Article 6 of the GDPR.
   2. On the legal grounds specified in clause 2.1. of this Policy and in accordance with the purpose of processing the personal data of the Users, personal data shall be processed within the time necessary to enable the Users to use the Platform, but not longer than allowed by the requirements of the Legislation.
      
   3. The Platform Administrator, as part of the provision of the User's services, in particular access to the use of the Platform by the Users, processes the following personal data of the Users, which is stored on the Administrator's server in Germany.
      
      1. when the User interacts with the Platform, in particular, by using cookies on the Platform in accordance with the Cookie Policy, which is available to Users at: ______ (hereinafter referred to as the “Cookies Policy”):
         (1) the User's IP address used to use the Internet;
         (2) geographical location, type and version of the browser and operating system of the User's technical device used to interact with the Platform;
         (3) ID of the User's Personal Account;
         The term of their processing is until the end of the User's session (interaction) on the Platform.
         
      2. when creating a Personal Account on the Platform:
         (1) surname, name and patronymic and/or name of the legal entity;
         (2) contact information: phone number, e-mail;
         (3) a link to the User's personal website and/or social media account;
         (4) legal address of the legal entity;
         (5) photo of the User;
         (6) date of birth of the User;
         (7) driver's license category;
         (8) other information that the User voluntarily provides in the Personal Account.
         The term of their processing is until the User refuses from the Administrator's services (termination of the Agreement), taking into account the term for filing an objection to the processing of personal data and the term of the Administrator's obligation to keep accounting records in case of such an obligation and the limitation period.
         
      3. when paying for services:
         (1) information on payment for services contained in the receipt.
         The term of their processing is until the User refuses from the Administrator's services (termination of the Agreement), taking into account the term for filing an objection to the processing of personal data and the term of the Administrator's obligation to keep accounting records.
         
      4. when creating an Advertisement on the Platform:
         (1) surname, name and patronymic and/or name of the legal entity;
         (2) ID of the User's Personal Account;
         (3) information contained in the User's Personal Account;
         (4) information provided by the User in the content of the Advertisement (including, but not limited to, the city and country, the User's travel route and their dates);
         (5) other information that the User voluntarily provides in the Advertisement.
         The term of their processing is until the User refuses from the Administrator's services (termination of the Agreement), taking into account the term for filing an objection to the processing of personal data and the term of the Administrator's obligation to keep accounting records in case of such an obligation and the limitation period.
         
      5. when leaving comments to the Administrator's publications on the Platform:
         (1) surname, name and patronymic and/or name of the legal entity
         (2) ID of the User's Personal Account;
         (3) metadata.
         The term for their processing is until such comment is deleted on the Platform, taking into account the deadline for filing an objection to the processing of personal data and the limitation period.
         
      6. when contacting the Platform support:
         (1) surname, name and patronymic and/or name of the legal entity;
         (2) ID of the User's Personal Account;
         (3) type and version of the browser and operating system of the User's technical device used to interact with the Platform;
         (4) social media account;
         (5) metadata.
         The term of their processing shall be until the completion of consideration of the request for support of the Platform, but not longer than the moment of the User's refusal from the Administrator's services (termination of the Agreement), taking into account the deadline for filing an objection to the processing of personal data and the limitation period.
         
      7. when sending (mailing) commercial (marketing) messages to Users, including electronic messages:
         (1) surname, name and patronymic and/or name of the legal entity;
         (2) ID of the User's Personal Account;
         (3) contact information: phone number, e-mail.
         The period of their processing is until the User refuses to receive such commercial (marketing) messages from the Administrator, taking into account the deadline for filing an objection to the processing of personal data and the limitation period.
         
   4. Personal data processed on the Platform in an automated manner are:
      (1) the User's IP address used to use the Internet;
      (2) geographical location, type and version of the browser and operating system of the User's technical device used to interact with the Platform;
      (3) ID of the User's Personal Account in case of its creation.
      The term of their processing is until the end of the User's session (interaction) on the Platform.
      
   5. The Platform Administrator reserves the right to determine the list of mandatory personal data of the Users that they must specify when interacting with the Platform in order to use all available functionalities of the Platform (for example: when creating a Personal Account and an Advertisement, leaving comments on the Administrator's publications on the Platform and/or contacting the Platform support). The mandatory list of personal data of the Users is displayed on the Platform when performing certain actions with a red asterisk. Guided by clause e of part 2 of Article 13 of the GDPR, we inform that in case of failure to provide such data, the User may be restricted in the use of all the functionalities available on the Platform.
      
   6. Fulfilling the requirements of Part 4 of Art. 6 of the GDPR, the Platform Administrator may store the personal data of the Users for a period exceeding the period specified in clauses 3.3.1. - 3.3.7. and 3.4. only if:
      (1) it is required by law;
      (2) if such personal data can and will be used in legal proceedings;
      (3) for the purpose of establishing, exercising and/or protecting the legal rights of the Administrator.
   7. The Platform Administrator guarantees that it does not process personal data relating to racial or ethnic origin, political or religious beliefs, membership in political parties and trade unions, criminal convictions, as well as data on health, sexual life and genetic data.
   8. The Administrator of the Platform does not intentionally collect personal data of persons under the age of 18, control over the actions of minors in accordance with the Legislation is assigned to parents, guardians and/or trustees (representatives) of such persons. In case of detection of such processing by the Administrator, the Administration undertakes to immediately take all necessary measures to remove them. In case of such detection by a User under the age of 18 or one of his/her legal representatives, he/she may send a request to the Administrator to delete such personal data.
      
4. CIRCLE OF PERSONS AUTHORIZED TO PROCESS PERSONAL DATA
   
   1. Access to personal data of the Platform Users shall be granted to: The Controller represented by the Administrator and employees authorized by him (carried out only in accordance with their professional or official duties or employment), the Operator represented by DigitalOcean LLC and other third parties who, in accordance with the contract, provide services for the technical (software) support of the Platform. Such third parties may have access to personal data only if necessary.
   2. The Administrator shall keep records of persons other than the Controller and the Operator who have access to the personal data of the Users, taking into account the confidentiality and protection of personal data.
   3. Also, at the request of public authorities or persons authorized by them on the basis of a court decision, request and/or order (decision/order), the Administrator may provide personal data of the Users to public authorities or persons authorized by them.
   4. The personal data posted by the User on the Platform may be available worldwide via the Internet, and therefore the Administrator cannot prevent its use or possible misuse by third parties.
      
5. COOKIE FILES
   
   1. Cookies (hereinafter referred to as “Cookies”) are small text files that are stored on the User's device (phone, laptop, tablet, computer or other technical devices of the User) when the User visits the Platform.
   2. When using Cookies, only statistical data of the Users is collected, which helps to improve the convenience of the User's interaction with the Platform and the proper operation of the Platform.
   3. When the User uses the Platform, the following categories of Cookies are used:
      
      (1) Necessary Cookies - files that are required to ensure the functionality of the Platform and are stored on the User's technical device for a certain period of time after the end of the session of using the Platform.
      (2) Functional Cookies - files that help to save information that modifies the User's interaction with the Platform or the Platform interface and remembers the User's choice for future visits.
      (3) Third-party Cookies - files of third parties used to collect non-personalized information about the Platform visits by Users, analyze the effectiveness of its operation, etc.
      
   4. The use of Cookies on the Platform is controlled through the appropriate form, which is displayed during the first interaction of the User with the Platform. When visiting the Platform for the first time, the User agrees to the use of Cookies by the Platform by clicking the “I agree” or “I agree” button and/or checking the appropriate box in the pop-up window.
   5. The User's consent to the use of Cookies allows the Platform to store information about the User's session of interaction with the Platform, analyze the use of the Platform (for example: selection of parameters), authorization data, etc. If the User refuses to use Cookies, some functionality of the Platform may not be available for use or may not work correctly (not in full).
   6. For detailed information on the list of Cookies used, the purpose of their use and storage on the Users' technical devices, as well as on the methods of disabling and/or deleting them (management of Cookies by the Users), the User should go to the Cookie Policy, which is available at: https://bytheway.com.ua/ru/cookies/.
      
6. IMPLEMENTATION OF PERSONAL DATA PROTECTION
   
   1. The processing of personal data of Users is carried out exclusively in compliance with the requirements of Ukrainian legislation and the GDPR.
   2. The Administrator shall comply with the requirements for the destruction or depersonalization of personal data that has expired.
   3. The processing of the Users' personal data is directly related to the protection of confidential information, which the Administrator undertakes to ensure.
   4. The personal data protection system includes organizational, technical and/or programmatic measures developed taking into account current and possible security threats to the storage and confidentiality of personal data and technologies. The Administration regularly updates its protection measures, if necessary, and establishes additional protection measures.
   5. The exchange of personal data during their processing is carried out exclusively through communication channels protected by technical means of information protection.
   6. The User shall keep his/her login data (name (login) and password used by the User to authorize his/her Personal Account on the Platform) to the Personal Account and protect them from unauthorized access by unauthorized third parties and shall be solely responsible for their safety. In case of detection of such unauthorized access, the User shall immediately inform the Platform Administrator thereof by contacting support in the manner and under the conditions specified in clause 3.15. of the Agreement.
   7. Personal information shall remain confidential, taking into account the settings of the software and/or technologies of the web resource used by the User, which provide for open data exchange with other Users of web resources via the Internet.
      
7. USER RIGHTS
   
   1. In accordance with the Legislation, the User has the right to:
      (1) withdraw consent to the processing of personal data (Article 7 of the GDPR) - the User may at any time withdraw his/her consent to the processing of his/her personal data by sending an application in the manner prescribed by clauses 7.3. to 7.6. of this Policy;
      (2) to be informed about the information to be provided in case of collection of personal data (Articles 13, 14 of the GDPR and clauses 1, 2, part 2 of Article 8 of the Law) - The User can always familiarize himself with the current version of the Privacy Policy at the following link: https://bytheway.com.ua/ru/privacy-policy/, which provides a list of personal data that is collected and processed, as well as send an appeal to the Administrator in the manner prescribed by clauses 7.3. - 7.6. of this Policy;
      (3) access to their personal data (Article 15 of the GDPR and clause 3, part 2, Article 8 of the Law) - the User has constant access to their personal data stored in the Personal Account and/or published on the Advertisements Platform, in other cases, the User may send an application in the manner prescribed by clauses 7.3. - 7.6. of this Policy to the Administrator to obtain information whether their personal data is collected;
      (4) correction of their personal data (Article 16 of the GDPR) - the User has full access to correct their personal data stored in the Personal Account and/or published on the Advertisements Platform, in other cases, the User may send an application in the manner prescribed by clauses 7.3. - 7.6. of this Policy to the Administrator;
      (5) erasure of their personal data (Article 17 GDPR) - the User may send a request, in accordance with the procedure provided for in clauses 7.3. - 7.6. of this Policy, to the Administrator to erase their personal data;
      (6) restriction of processing of personal data by the Administrator (in cases provided for in Article 18 of the GDPR and clause 10, part 2, Article 8 of the Law) - if the User has identified one of the grounds provided for in Article 18 of the GDPR, the User may send an application to the Administrator in the manner prescribed by clauses 7.3. - 7.6. of this Policy;
      (7) data mobility (Article 20 of the GDPR) - if the User needs to receive certain personal data in a structured, commonly used and machine-readable format and transfer it to another data controller, the User may send an application in the manner prescribed by clauses 7.3. - 7.6. of this Policy to the Administrator;
      (8) object to the processing of data (including profiling) (Article 21 of the GDPR and clauses 6, 12, part 2 of Article 8 of the Law) - the User may at any time object to the processing of his/her data by sending an appeal in accordance with the procedure provided for in clauses 7.3. - 7.6. of this Policy to the Administrator;
      (9) not to be the subject of an automated decision, including profiling (Article 22 of the GDPR and clause 13, part 2, Article 8 of the Law) - the User may send an application in the manner prescribed by clauses 7.3. - 7.6. of this Policy to the Administrator.
   2. The Platform Administrator, exercising the right of the Users to be informed of the information to be provided in case of collection of personal data, shall provide the User with a list of possible such information specified in clauses. 3.3.1. - 3.3.4. of this Policy.
   3. The User, on his/her own initiative, within the framework of exercising his/her rights, may contact the Platform Administrator by sending an e-mail specified in Section 9 of this Policy.
   4. In the request (appeal), the User shall provide the following information:
      (1) for an individual applicant: surname, name and patronymic, ID of the User's Personal Account (if created), submitting the request; for a legal entity applicant: name, legal entity identification code, location of the legal entity submitting the request, position, surname, name and patronymic of the person certifying the request;
      (2) the purpose and legal grounds for the request (an example of legal grounds is given in clause 7.1 of this Policy);
      (3) surname, name and patronymic, as well as other information that allows to identify the individual/legal entity in respect of which the request is made;
      (4) information and a list of personal data requested/corrected/erased (destroyed)/restricted in processing.
   5. The term for studying the User's request for its satisfaction does not exceed ten working days from the date of its receipt. The request shall be satisfied within thirty calendar days from the date of its receipt. If necessary, taking into account the complexity and number of requests, this period may be extended for the next two months with notification of the User of such extension.
   6. If necessary, the Platform Administrator may request the applicant to provide additional information necessary to verify the applicant's identity.
   7. In case of withdrawal of his/her consent to the processing of personal data, the User undertakes to stop using the Platform, since for the correct and complete provision of services by the Administrator, in particular, providing the User with access to the use of the Platform and its functionality, the User provides the Administrator with personal data in the cases specified in clauses 3.3.1. - 3.3.7. and clause 3.4.
   8. In accordance with the above-mentioned legal grounds (clause 2.1. of this Policy) and the purpose of data collection and processing (clause 2.2. of this Policy), in case of further use of the Platform by the User (creation/editing of the Personal Account/ Advertisements and/or leaving comments on the Administrator's publications on the Platform and/or contacting support) after withdrawing his/her consent to the collection and processing of personal data and/or erasing/restricting their processing, the User confirms that, having read this Policy and the Agreement, he/she re-gives his/her consent to the processing of his/her personal data.
      
8. CHANGES TO THE PRIVACY POLICY
   
   1. This Policy may be changed or terminated by the Administrator unilaterally without prior notice to the Users, including if required by law. The current version of the Policy is always available at the following link: https://bytheway.com.ua/ru/privacy-policy/.
      
9. MEANS OF COMMUNICATION
   
   To contact the Administrator regarding the processing of personal data, the User may send an application (request) to the following e-mail address
   e-mail: x2y2z2nd@gmail.com.
   
   Integral parts of this Policy:
   (1) Appendix No. 1 - Statement of consent to the processing of personal data;
   (2) Cookie Policy.